<!DOCTYPE HTML>
<html lang="en-US">

<!-- OneTrust Cookies Consent Notice start for trendmicro.com -->
<script type="text/javascript" src="https://cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/OtAutoBlock.js"></script>
<script src="https://cdn.cookielaw.org/scripttemplates/otSDKStub.js" type="text/javascript" charset="UTF-8" data-domain-script="821060e3-3f9c-4a2f-8613-8e0db4841f79"></script>
<script type="text/javascript">function OptanonWrapper() { }</script>
<!-- OneTrust Cookies Consent Notice end for trendmicro.com -->

   	
	
	

	<script type="text/javascript" src="/etc.clientlibs/clientlibs/granite/jquery.min.js"></script>
	<script type="text/javascript" src="/etc.clientlibs/clientlibs/granite/utils.min.js"></script>

	<script type="text/javascript">
		if (typeof Granite !== "undefined" && Granite.I18n){
			Granite.I18n.setLocale("en_us" || "en");
		}
	</script>
	
    <head>
    
    
    
    
    <meta charset="UTF-8"/>
    <meta name="viewport" content="width=device-width"/>
	<meta name="description" content="An analysis of advanced persistent threat (APT) group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021."/>
	<meta name="robots" content="index,follow"/>
	<meta name="keywords" content="malware,cyber threats,apt &amp; targeted attacks,endpoints,iot,network,articles, news, reports"/>
	<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>
	<meta name="template" content="article1withouthero"/>
    <meta property="article:published_time" content="2023-07-13"/>
    <meta property="article:tag" content="malware"/>
    <meta property="article:section"/>
    
    <link rel="icon" type="image/ico" href="/content/dam/trendmicro/favicon.ico"/>
	<link rel="canonical" href="https://www.trendmicro.com/en_us/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.html"/>

    <title>Detecting BPFDoor Backdoor Variants Abusing BPF Filters</title>
			 
    

    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600" rel="stylesheet"/>
<link href="//customer.cludo.com/css/296/1798/cludo-search.min.css" type="text/css" rel="stylesheet"/>



    
    
    

    
    
    
    
<link rel="stylesheet" href="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.css" type="text/css">
<link rel="stylesheet" href="/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/header-footer.min.css" type="text/css">



    

    

    <script src="//tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.sync.js"></script>
	<meta property="og:url" content="https://www.trendmicro.com/en_us/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.html"/>
<meta property="og:title" content="Detecting BPFDoor Backdoor Variants Abusing BPF Filters"/>
<meta property="og:description" content="An analysis of advanced persistent threat (APT) group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021."/>
<meta property="og:site_name" content="Trend Micro"/>
<meta property="og:image" content="https://www.trendmicro.com/content/dam/trendmicro/global/en/research/thumbnails/23/detecting-bpfdoor-variants-abusing-bpf-filters.jpg"/>
<meta property="og:locale" content="en_US"/>

	<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:site" content="@TrendMicro"/>
<meta name="twitter:title" content="Detecting BPFDoor Backdoor Variants Abusing BPF Filters"/>
<meta name="twitter:description" content="An analysis of advanced persistent threat (APT) group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021."/>
<meta name="twitter:image" content="https://www.trendmicro.com/content/dam/trendmicro/global/en/research/thumbnails/23/detecting-bpfdoor-variants-abusing-bpf-filters.jpg"/>


<script>(window.BOOMR_mq=window.BOOMR_mq||[]).push(["addVar",{"rua.upush":"false","rua.cpush":"false","rua.upre":"false","rua.cpre":"false","rua.uprl":"false","rua.cprl":"false","rua.cprf":"false","rua.trans":"","rua.cook":"false","rua.ims":"false","rua.ufprl":"false","rua.cfprl":"false","rua.isuxp":"false","rua.texp":"norulematch"}]);</script>
                              <script>!function(e){var n="https://s.go-mpulse.net/boomerang/";if("False"=="True")e.BOOMR_config=e.BOOMR_config||{},e.BOOMR_config.PageParams=e.BOOMR_config.PageParams||{},e.BOOMR_config.PageParams.pci=!0,n="https://s2.go-mpulse.net/boomerang/";if(window.BOOMR_API_key="KL7L2-AE63W-6L875-PUGB2-GU2BB",function(){function e(){if(!o){var e=document.createElement("script");e.id="boomr-scr-as",e.src=window.BOOMR.url,e.async=!0,i.parentNode.appendChild(e),o=!0}}function t(e){o=!0;var n,t,a,r,d=document,O=window;if(window.BOOMR.snippetMethod=e?"if":"i",t=function(e,n){var t=d.createElement("script");t.id=n||"boomr-if-as",t.src=window.BOOMR.url,BOOMR_lstart=(new Date).getTime(),e=e||d.body,e.appendChild(t)},!window.addEventListener&&window.attachEvent&&navigator.userAgent.match(/MSIE [67]\./))return window.BOOMR.snippetMethod="s",void t(i.parentNode,"boomr-async");a=document.createElement("IFRAME"),a.src="about:blank",a.title="",a.role="presentation",a.loading="eager",r=(a.frameElement||a).style,r.width=0,r.height=0,r.border=0,r.display="none",i.parentNode.appendChild(a);try{O=a.contentWindow,d=O.document.open()}catch(_){n=document.domain,a.src="javascript:var d=document.open();d.domain='"+n+"';void(0);",O=a.contentWindow,d=O.document.open()}if(n)d._boomrl=function(){this.domain=n,t()},d.write("<bo"+"dy onload='document._boomrl();'>");else if(O._boomrl=function(){t()},O.addEventListener)O.addEventListener("load",O._boomrl,!1);else if(O.attachEvent)O.attachEvent("onload",O._boomrl);d.close()}function a(e){window.BOOMR_onload=e&&e.timeStamp||(new Date).getTime()}if(!window.BOOMR||!window.BOOMR.version&&!window.BOOMR.snippetExecuted){window.BOOMR=window.BOOMR||{},window.BOOMR.snippetStart=(new Date).getTime(),window.BOOMR.snippetExecuted=!0,window.BOOMR.snippetVersion=12,window.BOOMR.url=n+"KL7L2-AE63W-6L875-PUGB2-GU2BB";var i=document.currentScript||document.getElementsByTagName("script")[0],o=!1,r=document.createElement("link");if(r.relList&&"function"==typeof r.relList.supports&&r.relList.supports("preload")&&"as"in r)window.BOOMR.snippetMethod="p",r.href=window.BOOMR.url,r.rel="preload",r.as="script",r.addEventListener("load",e),r.addEventListener("error",function(){t(!0)}),setTimeout(function(){if(!o)t(!0)},3e3),BOOMR_lstart=(new Date).getTime(),i.parentNode.appendChild(r);else t(!1);if(window.addEventListener)window.addEventListener("load",a,!1);else if(window.attachEvent)window.attachEvent("onload",a)}}(),"".length>0)if(e&&"performance"in e&&e.performance&&"function"==typeof e.performance.setResourceTimingBufferSize)e.performance.setResourceTimingBufferSize();!function(){if(BOOMR=e.BOOMR||{},BOOMR.plugins=BOOMR.plugins||{},!BOOMR.plugins.AK){var n=""=="true"?1:0,t="",a="kbjpooqxhvpxezfsvt3a-f-f12941f62-clientnsv4-s.akamaihd.net",i="false"=="true"?2:1,o={"ak.v":"36","ak.cp":"1340666","ak.ai":parseInt("807181",10),"ak.ol":"0","ak.cr":45,"ak.ipv":4,"ak.proto":"http/1.1","ak.rid":"10e724b3","ak.r":39685,"ak.a2":n,"ak.m":"","ak.n":"essl","ak.bpcip":"80.82.247.0","ak.cport":59047,"ak.gh":"104.89.116.220","ak.quicv":"","ak.tlsv":"tls1.3","ak.0rtt":"","ak.csrc":"-","ak.acc":"reno","ak.t":"1689431286","ak.ak":"hOBiQwZUYzCg5VSAfCLimQ==fm+dmzRhJwFMJdAdWuSPSxzO6MeXAuzLlWRmU+bob/jUl8FprpaREiHbm0hb/2hWbO85fdunjgErrmhIAqX+g8Dh4fGeZ6XbTHTdwHCn/TCEocAnNL0ExHtCpKnjcfZjmiEGDE8aFGi5zVxZwviiehh5oG8abAJnk0r0zgRV0vbV8NTgVbRwFFcu8nYGkerT/LpjuhoJ0qWGS2KB+WqmxKOuw6zrsBVwYDKlrSfJ7CkvDobN7nbQf1921Pqp9xfcnHjeKJo1fOsl3F+hkxCbyrpAEvqc9Mqle8eo5n3a4qpA4bqzmgVp2QynsLCx7aW6T6VVKNmDkMmEY93FUUQ++GbtYIkw7XFvtUZGRYf1sj0mPgT4FY9bZWN3ZA5K2tlP0apxTKvSblecMAeJ5FpSmOdENtG2aDUxYOkpbHgWxr8=","ak.pv":"14","ak.dpoabenc":"","ak.tf":i};if(""!==t)o["ak.ruds"]=t;var r={i:!1,av:function(n){var t="http.initiator";if(n&&(!n[t]||"spa_hard"===n[t]))o["ak.feo"]=void 0!==e.aFeoApplied?1:0,BOOMR.addVar(o)},rv:function(){var e=["ak.bpcip","ak.cport","ak.cr","ak.csrc","ak.gh","ak.ipv","ak.m","ak.n","ak.ol","ak.proto","ak.quicv","ak.tlsv","ak.0rtt","ak.r","ak.acc","ak.t","ak.tf"];BOOMR.removeVar(e)}};BOOMR.plugins.AK={akVars:o,akDNSPreFetchDomain:a,init:function(){if(!r.i){var e=BOOMR.subscribe;e("before_beacon",r.av,null,null),e("onbeacon",r.rv,null,null),r.i=!0}return this},is_complete:function(){return!0}}}}()}(window);</script></head>
    
    <body class="articlepage page basicpage context-business">
		<!-- Page Scroll: Back to Top -->
		<a id="page-scroll" title="VerticalPageScroll" href="javascript:jumpScroll($(this).scrollTop());">
			<span class="icon-chevron-up"></span>
		</a>

        
                      
     		<!-- /* Data Layer */ -->
			<script type="text/javascript">
				var utag_data = {"customer_cookie_type":"business","language_code":"en_us","page_name":"research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/en_us","category_id":"en_us/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters","page_type":"unknown","site_section":"research","post_author":"Fernando Merces|Sr. Threat Researcher","post_date":"2023-07-13"};
			</script>

			<script type="text/javascript">(function(a,b,c,d){a='//tags.tiqcdn.com/utag/trendmicro/nabucms/prod/utag.js';b=document;c='script';d=b.createElement(c);d.src=a;d.type='text/java'+c;d.async=true;a=b.getElementsByTagName(c)[0];a.parentNode.insertBefore(d,a);})();</script>

            



            
<div class="businessHeaderV1">




<div class="headerAssemblyV1"><div class="headerassemblyv1 headerAssemblyV1">


<header class="page-header">

	
	<nav>
		<div class="header-bar">
			<div class="logo">
				
				<a id="header-logo" href="/en_us/business.html">
					<img src="/content/dam/trendmicro/global/en/core/images/logos/tm-logo-red-white-t.svg"/>
					<p>Business</p>
				</a>
			</div>
			<div class="inner-nav-wrapper">
				<span class="material-symbols-outlined search-icon">search</span>
				<span class="material-symbols-outlined close-search-icon">close</span>
				<input type="checkbox" id="checkbox" class="hamburger-menu"/>
				<div aria-label="Menu" class="hamburger"></div>
			</div>
		</div>

		<div class="hamburger-wrapper">
			<div class="mainNavMenuV1"><div class="mainNavMenu mainNavMenuV1">



<div class="list-wrapper inital-list-wrapper">
	<ul class="menu nav-level-0">
		<li>
			<!-- Level 0, top menu -->
			<div class="label">Solutions</div>
			<ul class="sub-menu nav-level-1">
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/business/solutions/challenges.html">By Challenge</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/challenges.html">By Challenge</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">By Challenge</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/challenges.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/challenges/cyber-risk.html">Understand, Prioritize &amp; Mitigate Risks</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Understand, Prioritize &amp; Mitigate Risks</div>
			<p class="copy">Improve your risk posture with attack surface management</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/challenges/cyber-risk.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/challenges/cloud-native-applications.html">Protect Cloud-Native Apps</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Protect Cloud-Native Apps</div>
			<p class="copy">Security that enables business outcomes</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/challenges/cloud-native-applications.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/challenges/hybrid-cloud.html">Protect Your Hybrid World</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Protect Your Hybrid, Multi-Cloud World</div>
			<p class="copy">Gain visibility and meet business needs with security</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/challenges/hybrid-cloud.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/challenges/infrastructure-security.html">Securing Your Borderless Workforce</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Securing Your Borderless Workforce</div>
			<p class="copy">Connect with confidence from anywhere, on any device</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/challenges/infrastructure-security.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/challenges/network-security.html">Eliminate Network Blind Spots</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Eliminate Network Blind Spots</div>
			<p class="copy">Secure users and key operations throughout your environment</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/challenges/network-security.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/challenges/detection-response.html">See More. Respond Faster.</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">See More. Respond Faster.</div>
			<p class="copy">Move faster than your adversaries with powerful purpose-built XDR, attack surface risk management, and zero trust capabilities</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/challenges/detection-response.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/challenges/managed-services.html">Extend Your Team</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Extend Your Team. Respond to Threats Agilely</div>
			<p class="copy">Maximize effectiveness with proactive risk reduction and managed services</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/challenges/managed-services.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/business/solutions/role.html">By Role</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/role.html">By Role</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">By Role</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/role.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/role/ciso.html">CISO</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">CISO</div>
			<p class="copy">Drive business value with measurable cybersecurity outcomes</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/role/ciso.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/role/soc.html">SOC Manager</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">SOC Manager</div>
			<p class="copy">See more, act faster</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/role/soc.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/role/it-infrastructure-operations.html">Infrastructure Manager</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Infrastructure Manager</div>
			<p class="copy">Evolve your security to mitigate threats quickly and effectively</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/role/it-infrastructure-operations.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/role/cloud-developer.html">Cloud Builder and Developer</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Cloud Builder and Developer</div>
			<p class="copy">Ensure code runs only as intended</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/role/cloud-developer.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/role/cloud-operations.html">Cloud Security Ops</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Cloud Security Ops</div>
			<p class="copy">Gain visibility and control with security designed for cloud environments</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/role/cloud-operations.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/business/capabilities/solutions-for.html">By Industry</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/capabilities/solutions-for.html">By Industry</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">By Industry</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/capabilities/solutions-for.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/capabilities/solutions-for/healthcare.html">Healthcare</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Healthcare</div>
			<p class="copy">Protect patient data, devices, and networks while meeting regulations</p>
			<a class="leaf-button color-d71920" href="/en_us/business/capabilities/solutions-for/healthcare.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/iot/ics-ot.html">Manufacturing</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Manufacturing</div>
			<p class="copy">Protecting your factory environments – from traditional devices to state-of-the-art infrastructures</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/iot/ics-ot.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/iot/ics-ot.html">Oil &amp; Gas</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Oil &amp; Gas</div>
			<p class="copy">ICS/OT Security for the oil and gas utility industry</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/iot/ics-ot.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/iot/ics-ot.html">Electric Utility</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Electric Utility</div>
			<p class="copy">ICS/OT Security for the electric utility</p>
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/iot/ics-ot.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/capabilities/solutions-for/federal-government.html">Federal</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Federal</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/capabilities/solutions-for/federal-government.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="https://vicone.com/en" target="_blank" rel="noopener noreferrer">Automotive</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Automotive</div>
			
			<a class="leaf-button color-d71920" href="https://vicone.com/en" target="_blank" rel="noopener noreferrer">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/solutions/iot/enterprise-5g-iot.html">5G Networks</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">5G Networks</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/solutions/iot/enterprise-5g-iot.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			</ul>
		</li>
	
		<li>
			<!-- Level 0, top menu -->
			<div class="label">Platform</div>
			<ul class="sub-menu nav-level-1">
				<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/one-platform.html">Vision One Platform</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			<div class="subtitle">Trend Vision One</div>
			<div class="title">Our Unified Platform</div>
			<p class="copy">Bridge threat protection and cyber risk management</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/one-platform.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
			
				<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/detection-response/attack-surface-management.html">Attack Surface Management</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Attack Surface Management</div>
			<p class="copy">Operationalize a zero trust strategy</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/detection-response/attack-surface-management.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/asrm-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
			
				<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/detection-response/xdr.html">XDR (Extended Detection &amp; Response)</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">XDR (Extended Detection &amp; Response)</div>
			<p class="copy">Stop adversaries faster with a broader perspective and better context to hunt, detect, investigate, and respond to threats from a single platform</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/detection-response/xdr.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/xdr-product-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
			
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/business/products/endpoint-security.html">Endpoint Security</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/endpoint-security.html">Endpoint Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Endpoint Security Overview</div>
			<p class="copy">Defend the endpoint through every stage of an attack</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/endpoint-security.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/endpoint-security/workload-security.html">Workload Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Workload Security</div>
			<p class="copy">Optimized prevention, detection, and response for endpoints, servers, and cloud workloads</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/endpoint-security/workload-security.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/iot/industrial-endpoint-security.html">Industrial Endpoint Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Industrial Endpoint Security</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/products/iot/industrial-endpoint-security.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/business/products/hybrid-cloud.html">Cloud Security</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/hybrid-cloud.html">Cloud Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			<div class="subtitle">Trend Cloud One</div>
			<div class="title">Cloud Security Overview</div>
			<p class="copy">The most trusted cloud security platform for developers, security teams, and businesses</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/hybrid-cloud.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/hybrid-cloud/cloud-one-conformity.html">Cloud Security Posture Management</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Cloud Security Posture Management</div>
			<p class="copy">Leverage complete visibility and rapid remediation</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/hybrid-cloud/cloud-one-conformity.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-conformity-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/hybrid-cloud/cloud-one-container-image-security.html">Container Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Container Security</div>
			<p class="copy">Simplify security for your cloud-native applications with advanced container image scanning, policy-based admission control, and container runtime protection</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/hybrid-cloud/cloud-one-container-image-security.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-container-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/hybrid-cloud/cloud-one-file-storage-security.html">File Storage Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">File Storage Security</div>
			<p class="copy">Security for cloud file/object storage services leveraging cloud-native application architectures</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/hybrid-cloud/cloud-one-file-storage-security.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-file-storage-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/hybrid-cloud/cloud-one-network-security.html">Network Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Network Security</div>
			<p class="copy">Advanced cloud-native network security detection, protection, and cyber threat disruption for your single and multi-cloud environments.</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/hybrid-cloud/cloud-one-network-security.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-network-security-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/hybrid-cloud/cloud-one-open-source-security-by-snyk.html">Open Source Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Open Source Security</div>
			<p class="copy">Visibility and monitoring of open source vulnerabilities for SecOps</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/hybrid-cloud/cloud-one-open-source-security-by-snyk.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/cloud-one-open-source-security-snyk-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/hybrid-cloud/cloud-sentry.html">Cloud Visibility</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Cloud Visibility</div>
			<p class="copy">As your organization continues to move data and apps to the cloud and transform your IT infrastructure, mitigating risk without slowing down the business is critical.</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/hybrid-cloud/cloud-sentry.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/cloud-sentry-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/business/products/network.html">Network Security</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/network.html">Network Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Network Security Overview</div>
			<p class="copy">Expand the power of XDR with network detection and response</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/network.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/network/intrusion-prevention.html">Network Intrusion Prevention (IPS)</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Network Intrusion Prevention (IPS)</div>
			<p class="copy">Protect against known, unknown, and undisclosed vulnerabilities in your network</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/network/intrusion-prevention.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/network/advanced-threat-protection.html">Breach Detection System (BDS)</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Breach Detection System (BDS)</div>
			<p class="copy">Detect and respond to targeted attacks moving inbound, outbound, and laterally</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/network/advanced-threat-protection.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/network/zero-trust-secure-access.html">Secure Service Edge (SSE)</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Secure Service Edge (SSE)</div>
			<p class="copy">Redefine trust and secure digital transformation with continuous risk assessments</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/network/zero-trust-secure-access.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/zero-trust-access-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/iot/industrial-network-security.html">Industrial Network Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Industrial Network Security</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/products/iot/industrial-network-security.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			
				<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/user-protection/sps/email-and-collaboration.html">Email Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Email Security</div>
			<p class="copy">Stop phishing, malware, ransomware, fraud, and targeted attacks from infiltrating your enterprise</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/user-protection/sps/email-and-collaboration.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/email-security-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
			
				<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/user-protection/sps/mobile-security-enterprise.html">Mobile Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Mobile Security</div>
			<p class="copy">On-premises and cloud protection against malware, malicious applications, and other mobile threats</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/user-protection/sps/mobile-security-enterprise.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/sps-mobile-security-enterprise-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
			
				<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products/network/intrusion-prevention/threat-intelligence.html">Threat Intelligence</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Threat Intelligence</div>
			<p class="copy">Keep ahead of the latest threats and protect your critical data with ongoing threat prevention and analysis</p>
			<a class="leaf-button color-d71920" href="/en_us/business/products/network/intrusion-prevention/threat-intelligence.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
			
				<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/small-business/worry-free-services-suites.html">Small &amp; Midsized Business Security</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Small &amp; Midsized Business Security</div>
			<p class="copy">Stop threats with comprehensive, set-it-and-forget-it protection</p>
			<a class="leaf-button color-d71920" href="/en_us/small-business/worry-free-services-suites.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/small-business-worry-free-service-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
			
				<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/products.html">All Products, Services and Trials</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">All Products, Services and Trials</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/products.html">Learn more</a>
		</div>
		<div class="leaf-image">
			<img src="https://trendmicro.scene7.com/is/image/trendmicro/all-products-console-shot?scl=1.0&qlt=95&fmt=webp-alpha"/>
		</div>
	</li>

	
</ul>
</li>
			</ul>
		</li>
	
		<li>
			<!-- Level 0, top menu -->
			<div class="label">Research</div>
			<ul class="sub-menu nav-level-1">
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/about/threat-research.html">Research</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/threat-research.html">Research</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Research</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/threat-research.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/threat-research.html">About Our Research</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">About Our Research</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/threat-research.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/research.html">Research, News, and Perspectives</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Research, News, and Perspectives</div>
			
			<a class="leaf-button color-d71920" href="/en_us/research.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="https://www.trendmicro.com/vinfo/us/security/research-and-analysis/">Research and Analysis</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Research and Analysis</div>
			
			<a class="leaf-button color-d71920" href="https://www.trendmicro.com/vinfo/us/security/research-and-analysis/">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/research.html">Blog</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Blog</div>
			
			<a class="leaf-button color-d71920" href="/en_us/research.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="https://www.trendmicro.com/vinfo/us/security/news/" target="_blank" rel="noopener noreferrer">Security News</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Security News</div>
			
			<a class="leaf-button color-d71920" href="https://www.trendmicro.com/vinfo/us/security/news/" target="_blank" rel="noopener noreferrer">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="https://www.zerodayinitiative.com/about/" target="_blank" rel="noopener noreferrer">Zero Day Initiatives (ZDI)</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Zero Day Initiatives (ZDI)</div>
			
			<a class="leaf-button color-d71920" href="https://www.zerodayinitiative.com/about/" target="_blank" rel="noopener noreferrer">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			</ul>
		</li>
	
		<li>
			<!-- Level 0, top menu -->
			<div class="label">Services</div>
			<ul class="sub-menu nav-level-1">
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/business/services/service-one.html">Our Services</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/services/service-one.html">Our Services</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Our Services</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/services/service-one.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/services/service-one.html">Service Packages</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Service Packages</div>
			<p class="copy">Augment security teams with 24/7/365 managed detection, response, and support</p>
			<a class="leaf-button color-d71920" href="/en_us/business/services/service-one.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/services/managed-xdr.html">Managed XDR</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Managed XDR</div>
			<p class="copy">Augment threat detection with expertly managed detection and response (MDR) for email, endpoints, servers, cloud workloads, and networks</p>
			<a class="leaf-button color-d71920" href="/en_us/business/services/managed-xdr.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/services/incident-response.html">Incident Response</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Incident Response</div>
			<p class="copy">Our trusted experts are on call whether you&#39;re experiencing a breach or looking to proactively improve your IR plans</p>
			<a class="leaf-button color-d71920" href="/en_us/business/services/incident-response.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/services/support-services.html">Support Services</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Support Services</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/services/support-services.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			</ul>
		</li>
	
		<li>
			<!-- Level 0, top menu -->
			<div class="label">Partners</div>
			<ul class="sub-menu nav-level-1">
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/partners/channel-partners.html">Channel Partners</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/channel-partners.html">Channel Partners</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Channel Partner Overview</div>
			<p class="copy">Grow your business and protect your customers with the best-in-class complete, multilayered security</p>
			<a class="leaf-button color-d71920" href="/en_us/partners/channel-partners.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/channel-partners/managed-security-service-provider.html">Managed Security Service Provider</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Managed Security Service Provider</div>
			<p class="copy">Deliver modern security operations services with our industry-leading XDR</p>
			<a class="leaf-button color-d71920" href="/en_us/partners/channel-partners/managed-security-service-provider.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/channel-partners/managed-service-provider.html">Managed Service Provider</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Managed Service Provider</div>
			<p class="copy">Partner with a leading expert in cybersecurity, leverage proven solutions designed for MSPs</p>
			<a class="leaf-button color-d71920" href="/en_us/partners/channel-partners/managed-service-provider.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/channel-partners/cloud-service-provider.html">Cloud Service Provider</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Cloud Service Provider</div>
			<p class="copy">Add market-leading security to your cloud service offerings – no matter which platform you use</p>
			<a class="leaf-button color-d71920" href="/en_us/partners/channel-partners/cloud-service-provider.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/channel-partners/professional-services-partner.html">Professional Services</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Professional Services</div>
			<p class="copy">Increase revenue with industry-leading security</p>
			<a class="leaf-button color-d71920" href="/en_us/partners/channel-partners/professional-services-partner.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/channel-partners/resellers.html">Resellers</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Resellers</div>
			<p class="copy">Discover the possibilities</p>
			<a class="leaf-button color-d71920" href="/en_us/partners/channel-partners/resellers.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/channel-partners/marketplace.html">Marketplace</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Marketplace</div>
			
			<a class="leaf-button color-d71920" href="/en_us/partners/channel-partners/marketplace.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/channel-partners/systems-integrator.html">System Integrators</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">System Integrators</div>
			
			<a class="leaf-button color-d71920" href="/en_us/partners/channel-partners/systems-integrator.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/partners/alliance-partners.html">Alliance Partners</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/alliance-partners.html">Alliance Partners</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Alliance Overview</div>
			<p class="copy">We work with the best to help you optimize performance and value</p>
			<a class="leaf-button color-d71920" href="/en_us/partners/alliance-partners.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/alliance-partners/technology.html">Technology Alliance Partners</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Technology Alliance Partners</div>
			
			<a class="leaf-button color-d71920" href="/en_us/partners/alliance-partners/technology.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/alliance-partners/explore-alliance-partners.html">Our Alliance Partners</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Our Alliance Partners</div>
			
			<a class="leaf-button color-d71920" href="/en_us/partners/alliance-partners/explore-alliance-partners.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/partners.html#tools">Partner Tools</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners.html#tools">Partner Tools</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Partner Tools</div>
			
			<a class="leaf-button color-d71920" href="/en_us/partners.html#tools">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="https://community-trendmicro.force.com/Gpartner/s/" target="_blank" rel="noopener noreferrer">Partner Login</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Partner Login</div>
			
			<a class="leaf-button color-d71920" href="https://community-trendmicro.force.com/Gpartner/s/" target="_blank" rel="noopener noreferrer">Login</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/business/services/support-services/education.html">Education and Certification</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Education and Certification</div>
			
			<a class="leaf-button color-d71920" href="/en_us/business/services/support-services/education.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/partner-stories.html">Partner Successes</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Partner Successes</div>
			
			<a class="leaf-button color-d71920" href="/en_us/partners/partner-stories.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/distributors.html">Distributors</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Distributors</div>
			
			<a class="leaf-button color-d71920" href="/en_us/partners/distributors.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/find-a-partner.html">Find a Partner</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Find a Partner</div>
			
			<a class="leaf-button color-d71920" href="/en_us/partners/find-a-partner.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			</ul>
		</li>
	
		<li>
			<!-- Level 0, top menu -->
			<div class="label">Company</div>
			<ul class="sub-menu nav-level-1">
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/about/why-trend-micro.html">Why Trend Micro</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/why-trend-micro.html">Why Trend Micro</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Why Trend Micro</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/why-trend-micro.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/why-trend-micro.html">The Trend Micro Difference</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">The Trend Micro Difference</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/why-trend-micro.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/customer-stories.html">Customer Success Stories</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Customer Success Stories</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/customer-stories.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/human-connections.html">The Human Connection</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">The Human Connection</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/human-connections.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/industry-recognition.html">Industry Accolades</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Industry Accolades</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/industry-recognition.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/partners/alliance-partners.html">Strategic Alliances</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Strategic Alliances</div>
			
			<a class="leaf-button color-d71920" href="/en_us/partners/alliance-partners.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			
				<li>
<div class="label branch">
	<a class="menu-link" href="/en_us/about.html">About Us</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about.html">About Us</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">About Us</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/trust-center.html">Trust Center</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Trust Center</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/trust-center.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/history-vision-values.html">History</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">History</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/history-vision-values.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/diversity-inclusion.html">Diversity, Equity and Inclusion</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Diversity, Equity and Inclusion</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/diversity-inclusion.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/corporate-social-responsibility.html">Corporate Social Responsibility</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Corporate Social Responsibility</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/corporate-social-responsibility.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/leaders.html">Leadership</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Leadership</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/leaders.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/leading-experts.html">Security Experts</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Security Experts</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/leading-experts.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/initiative-education.html">Internet Safety and Cybersecurity Education</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Internet Safety and Cybersecurity Education</div>
			
			<a class="leaf-button color-d71920" href="/en_us/initiative-education.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/legal.html">Legal</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Legal</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/legal.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/investor-relations.html" target="_blank" rel="noopener noreferrer">Investors</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Investors</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/investor-relations.html" target="_blank" rel="noopener noreferrer">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			
				<li>
<div class="label branch">
	<a class="menu-link" href="https://newsroom.trendmicro.com/" target="_blank" rel="noopener noreferrer">Connect with Us</a>
</div>
<ul class="branch nav-item-2">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	

	
	<li>
<div class="label leaf">
	<a class="menu-link" href="https://newsroom.trendmicro.com/" target="_blank" rel="noopener noreferrer">Connect with Us</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Connect with Us</div>
			
			<a class="leaf-button color-d71920" href="https://newsroom.trendmicro.com/" target="_blank" rel="noopener noreferrer">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="https://newsroom.trendmicro.com/">Newsroom</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Newsroom</div>
			
			<a class="leaf-button color-d71920" href="https://newsroom.trendmicro.com/">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/events.html">Events</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Events</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/events.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/careers.html">Careers</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Careers</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/careers.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
	<li>
<div class="label leaf">
	<a class="menu-link" href="/en_us/about/webinars.html">Webinars</a>
</div>
<ul class="leaf nav-item-leaf">
	<!-- This fake child menu should be a desktop enhancement only. Mobile never uses it -->
	<li class="desktop-leaf-child">
		<div class="desktop-leaf-child-text">
			
			<div class="title">Webinars</div>
			
			<a class="leaf-button color-d71920" href="/en_us/about/webinars.html">Learn more</a>
		</div>
		<div class="leaf-image">
			
		</div>
	</li>

	
</ul>
</li>
	
</ul>
</li>
			</ul>
		</li>
	</ul>
</div>

<div class="list-wrapper drop-down-menu-2">
	<button type="button" class="back-one-level">
		<span>Back</span>
	</button>
	<div class="sub-menu-wrapper"></div>
</div>

<div class="list-wrapper drop-down-menu-3">
	<button type="button" class="back-one-level">
		<span>Back</span>
	</button>
	<div class="sub-menu-wrapper"></div>
</div>

<div class="list-wrapper drop-down-menu-4">
	<button type="button" class="back-one-level">
		<span>Back</span>
	</button>
	<div class="sub-menu-wrapper"></div>
</div>

<div class="list-wrapper drop-down-menu-5">
	<button type="button" class="back-one-level">
		<span>Back</span>
	</button>
	<div class="sub-menu-wrapper"></div>
</div>



<div class="buttonArrayV1">





<ul class="button-array small left-align global-margin-top-none global-margin-bottom-none global-padding-top-none global-padding-bottom-none">
	<li class="button-array-list">
		
	<a class="button  secondary color-ffffff normal" id="rsg-nav-free-trial-a34d5e" href="/en_us/business/products/trials.html#detection-response">
		Free Trials
	</a>

	</li>

	<li class="button-array-list">
		
	<a class="button  primary color-d71920 normal" id="rsh-nav-contact-us-b93ab0" href="/en_us/business/get-info-form.html">
		Contact Us
	</a>

	</li>
</ul>
</div>
</div>
</div>
			
			<div class="consumerLink">
				<a href="/en_us/forHome.html">Looking for home solutions?</a>
				
			</div>
			<a href="https://resources.trendmicro.com/GLB-Under-Attack-Form.html" class="under-attack-link">Under Attack?</a>
			<div class="alerts">
				<div class="alertUtilityMenu">
					<div class="utility-wrapper alert-top-menu">
						<div class="dropDownMenuV1">
							<div class="label"><span class="counter">0</span> </div>
							<div class="menu"><!--Intentionally left blank--></div>
						</div>
					</div>
					<div class="utility-wrapper alert-sub-menu">
						<button type="button" class="back-one-level-utility">
							<span>Back</span>
						</button>
						<div class="sub-wrapper-content">
							<div class="alerts-wrapper">
								<div class="alert-buttons">
									<div class="alerts-unread-button is-active"></div>
									<div class="alerts-all-button"></div>
								</div>
								<div class="sub-alerts-wrapper"></div>
							</div>

							
						</div>
					</div>
				</div>
			</div>

			<div class="utilityMenuV1"><div class="utilityMenu utilityMenuV1">


<div class="utility-wrapper standard-utility-wrapper">
	<div class="dropDownMenuV1">
		<div class="label">Support</div>
		<div class="menu">


<ul>
	<li>
		<a rel="noopener noreferrer" href="https://success.trendmicro.com/dcx/s/?language=en_US" target="_blank">
			Business Support Portal
		</a>
	</li>

	<li>
		<a rel="noopener noreferrer" href="https://success.trendmicro.com/virus-and-threat-help" target="_blank">
			Virus and Threat Help
		</a>
	</li>

	<li>
		<a rel="noopener noreferrer" href="https://success.trendmicro.com/renewals-and-registration" target="_blank">
			Renewals and Registration
		</a>
	</li>

	<li>
		<a href="/en_us/business/services/support-services/education.html">
			Education and Certification
		</a>
	</li>

	<li>
		<a rel="noopener noreferrer" href="https://success.trendmicro.com/dcx/s/contactus?language=en_US" target="_blank">
			Contact Support
		</a>
	</li>

	<li>
		<a href="/en_us/partners/find-a-partner.html">
			Find a Support Partner
		</a>
	</li>
</ul>
</div>
	</div>

	<div class="dropDownMenuV1">
		<div class="label">Resources</div>
		<div class="menu">


<ul>
	<li>
		<a href="/en_us/security-intelligence/breaking-news/cyber-risk-index.html">
			Cyber Risk Index/Assessment
		</a>
	</li>

	<li>
		<a href="/en_us/ciso.html">
			CISO Resource Center
		</a>
	</li>

	<li>
		<a href="/en_us/devops.html">
			DevOps Resource Center
		</a>
	</li>

	<li>
		<a href="/en_us/what-is.html">
			What Is?
		</a>
	</li>

	<li>
		<a href="https://www.trendmicro.com/vinfo/us/threat-encyclopedia/">
			Threat Encyclopedia
		</a>
	</li>

	<li>
		<a rel="noopener noreferrer" href="http://trendmicro.com/public-cloud-risk-assessment" target="_blank">
			Cloud Health Assessment
		</a>
	</li>

	<li>
		<a href="/en_us/business/capabilities/solutions-for/cyber-insurance.html">
			Cyber Insurance
		</a>
	</li>

	<li>
		<a href="https://www.trendmicro.com/vinfo/us/security/definition/a">
			Glossary of Terms
		</a>
	</li>

	<li>
		<a href="/en_us/about/webinars.html">
			Webinars
		</a>
	</li>
</ul>
</div>
	</div>

	<div class="dropDownMenuV1">
		<div class="label">Log In</div>
		<div class="menu">


<ul>
	<li>
		<a rel="noopener noreferrer" href="https://success.trendmicro.com/dcx/s/?language=en_US" target="_blank">
			Support
		</a>
	</li>

	<li>
		<a rel="noopener noreferrer" href="https://community-trendmicro.force.com/Gpartner/s/login/?language=en_US&ec=302&startURL=%2FGpartner%2Fs%2F" target="_blank">
			Partner Portal
		</a>
	</li>

	<li>
		<a rel="noopener noreferrer" href="https://cloudone.trendmicro.com/" target="_blank">
			Cloud One
		</a>
	</li>

	<li>
		<a rel="noopener noreferrer" href="https://tm.login.trendmicro.com/simplesaml/saml2/idp/SSOService.php" target="_blank">
			Product Activation and Management
		</a>
	</li>

	<li>
		<a rel="noopener noreferrer" href="https://signup.cj.com/member/signup/publisher/?cid=1867119#/branded?_k=xaeu3t" target="_blank">
			Referral Affililate
		</a>
	</li>
</ul>
</div>
	</div>
</div>
<div class="utility-wrapper active-utility-wrapper">
	<button type="button" class="back-one-level-utility">
		<span>Back</span>
	</button>
	<div class="sub-utility-wrapper"></div>
</div>
</div>
</div>
		</div>
	</nav>
</header>

<div class="search">
	<script type="text/javascript" src="//customer.cludo.com/scripts/bundles/search-script.js"></script>
	
	<script type="text/javascript">
		var cludoSettings = {};

		if( undefined === window.utag_data ) {
			cludoSettings.cludo_language = 'en';
		} else {
			switch (window.utag_data.language_code) {
				// Cludo dropped the ball on this one
				case 'ja_jp':
					cludoSettings.cludo_language = 'jp';
					break;
				case 'in_id':
					cludoSettings.cludo_language = 'id';
					break;
				default:
					cludoSettings.cludo_language = window.utag_data.language_code.substring(0, 2); // First two letters are the language
					break;
			}
		}

		cludoSettings.settingsObject = {
			customerId: 296,
			engineId: 1798,
			searchUrl: "/en_us/common/cse.html",
			searchInputs: ["cludo-search-form","cludo-search-form-mobile","cludo-search-content-form"],
			initSearchBoxText: "",
			language: cludoSettings.cludo_language,
			//endlessScroll: {stopAfterPage:3, resultsPerPage:10, bottomOffset: 145},
			//translateSearchTemplates: true,
			loading: "<div class='loader'></div>"
		};
	</script>

	<span class="material-symbols-outlined search-back-arrow">arrow_back</span>

	<div class="inner-search-wrap">
		<span class="material-symbols-outlined search-icon">search</span>
		<form class="main-menu-search" aria-label="Search Trend Micro">
			<div class="main-menu-search__field-wrapper" id="cludo-search-form">
				<table class="gsc-search-box">
					<tbody>
					<tr>
						<td class="gsc-input">
							<input type="text" class="gsc-input-field" name="search" title="search" placeholder="Search"/>
						</td>
					</tr>
					</tbody>
				</table>
			</div>
		</form>
		<span class="material-symbols-outlined search-clear-button">close</span>
	</div>
</div>
</div>
</div>

<section class="folder-indicators slider">
	<div class="folder-indicators__wrapper">
		<p class="folder-indicators__title">Content has been added to your Folio</p>
		<div class="folder-indicators__button-wrapper">
			<button class="folder-indicators__button counter" id="counter-folder">
				Go to Folio (<span>0</span>)
			</button>
			<button class="folder-indicators__button close"><span class="material-symbols-outlined close-folio-message">close</span></button>

		</div>
	</div>
</section></div>
<div class="root responsivegrid">


<div class="aem-Grid aem-Grid--12 aem-Grid--default--12 ">
    
    <div class="articleBodyNoHero aem-GridColumn aem-GridColumn--default--12"><div class="research-layout article container" role="contentinfo">
    <article class="research-layout--wrapper row" data-article-pageID="791804710">
        <div class="col-xs-12 col-md-12 one-column">
            <div class="col-xs-12 col-md-12">
                <div class="article-details" role="heading">
	<span class="article-details__bar" role="img"></span>
	<p class="article-details__display-tag">Malware</p>
	<h1 class="article-details__title">Detecting BPFDoor Backdoor Variants Abusing BPF Filters</h1>
	<p class="article-details__description">An analysis of advanced persistent threat (APT) group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021.</p>
	<p class="article-details__author-by">By: Fernando Merces
		
			<time class="article-details__date">July 13, 2023</time>
		
		
		<span>Read time:&nbsp;</span><span class="eta"></span> (<span class="words"></span> words)
	</p>

	<div class="article-details__icons">
		<!--Add This-->
		<!-- Go to www.addthis.com/dashboard to customize your tools -->
<div class="addthis_toolbox addthis_default_style">
	<a class="addthis_button_compact addthis_link">
		<img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/share-more.svg" class="addthis-icon" alt="Share"/>
	</a>
	<a class="addthis_button_print addthis_link">
		<img src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/printer.svg" class="addthis-icon" alt="Print"/>
	</a>
</div>

		<!--Add to Folio-->
		<div class="add-to-folio tooltip">
			<span class="icon-folio-thin"></span>
			<div class="right">
				<p>Save to Folio</p>
				<i></i>
			</div>
		</div>

		<!--Subscribe-->
		<div class="subscribe">
			<a href="https://resources.trendmicro.com/subscription-us.html" title="Subscribe" data-modal-title="Subscribe" target="target">
				<span class="icon-subscribe"></span> <span class="text">Subscribe</span>
			</a>
		</div>
	</div>
</div>

            </div>
        </div>
		
		<hr class="research-layout-divider"/>

        <main class="main--content col-xs-12 col-lg-8 col-lg-push-2">
            <div>
	
    


	

</div>
            <div class="richText">
	
    


	
		<div>
			<p>Advanced persistent threat (APT) groups have broadened their focus to include Linux and cloud servers in the past few years. Noticeable examples include <a href="https://www.trendmicro.com/vinfo/tmr/?/us/security/research-and-analysis/threat-reports/roundup/rethinking-tactics-annual-cybersecurity-roundup-2022#:~:text=CYBERCRIMINALS%20TAKE%20CORPORATE%20ROUTE%20TO%20DIVERSIFY%2C%20REBRAND">ransomware groups</a> targeting <a href="https://www.trendmicro.com/vinfo/tmr/?/us/security/research-and-analysis/threat-reports/roundup/defending-the-expanding-attack-surface-trend-micro-2022-midyear-cybersecurity-report#:~:text=In%20October%202021%2C%20LockBit%20Linux%2DESXi%20Locker%20version%201.0%20started%20targeting%20and%20encrypting%20ESXi%20servers.">VMware ESXi servers</a>, Mirai botnet variants, and groups targeting the cloud with stealers and <a href="https://www.trendmicro.com/en_us/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html">cryptomining malware</a>.</p>
<p>Similarly, APT groups have increased their presence on non-Windows targets. An example is <a href="https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html">Sandworm</a> attacking routers shipped with Linux. While malware used by cybercrime usually has the broadest possible targets, malware used by APT groups are mostly about keeping and maintaining routines’ stealth. Red Menshen (also known as DecisiveArchitect or Red Dev 18), an APT group <a href="https://malpedia.caad.fkie.fraunhofer.de/actor/red_menshen">targeting interests</a> in the Middle East and Asian countries, has been constantly improving its <a href="https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf">BPFDoor</a> backdoor over the years after it emerged in 2021. BPFDoor has since become more difficult to detect due to the improved usage of Berkeley Packet Filter (BPF), a technology that allows programs to attach network filters to an open socket that’s being used by  the threat actors behind BPFDoor to bypass firewalls’ inbound traffic rules and similar network protection solutions in Linux and Solaris operating systems (OS). Trend Micro detects the Linux and Solaris BPFDoor versions as <a href="https://www.trendmicro.com/vinfo/tmr/?/us/threat-encyclopedia/malware/Backdoor.Linux.BPFDOOR.AT/">Backdoor.Linux.BPFDOOR</a> and Backdoor.Solaris.BPFDOOR.ZAJE , respectively. Additional patterns related to the indicators have also been added for Trend products’ monitoring and detection.</p>
<p>This entry shows how Red Menshen evolved their BPF filters with a six-fold increase in their BPF programs’ instructions when compared to samples found in 2022. This is a clear sign that BPFDoor is under active development and that it has been proven successful enough for the attacks to merit a return on the malware developers’ investment from this upgrade effort. In this entry, we also give security insights and suggest techniques for defenders to detect the presence of BPFDoor in infected systems.</p>
<p><span class="body-subhead-title">What BPF is for</span></p>
<p>From a technical perspective, the most interesting feature of BPFDoor is its ability to load packet filters in the operating system’s kernel. Although that mechanism is often called Berkeley Packet Filter (BPF), the Linux implementation equivalent is called Linux Socket Filtering (LSF). Nevertheless, under the Linux context, both terms refer to the same technology.</p>
<p>BPF/LSF is now considered a subset of <a href="https://ebpf.io/what-is-ebpf/">eBPF</a> (once called extended BPF, now it’s not an acronym), a technology that supports programs to achieve a multitude of tasks and not only network packet filtering (which BPF does as its basic function). eBPF, in comparison, is akin to an abstract virtual machine (VM) that can run user-defined programs within a sandbox in the Linux kernel, much like running applications or software in a controlled environment. To differentiate BPF filters from eBPF programs, some literature refers to it as “Classic BPF” (cBPF).</p>
<p>Classic BPF allows a running program to add a packet filtering rule to an open network socket. The program can then read from the socket and be informed when an arriving packet triggers the previously inserted rule. A library that heavily uses BPF in Linux is libpcap, which is used by programs such as tcpdump. In fact, you can even see the BPF filter generated by a libpcap filter expression with the <i>-d</i> option from tcpdump:</p>

		</div>
	

</div>
            <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig1-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.png" alt="figure1-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 1. BPF filter generated by tcpdump</figcaption>
	</figure>

</div>
            <div>




    
    
    <div class="richText">
	
    


	
		<div>
			<p>The code shown in Figure 1 can be understood as a “BPF assembly.” The kernel implements a virtual machine to understand this code. The bytecode that these instructions represent can also be seen with the <i>-dd</i> option:</p>

		</div>
	

</div>


    
    
    <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig2-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.png" alt="figure2-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 2. Bytecode of BPF filter generated by tcpdump</figcaption>
	</figure>

</div>


    
    
    <div class="richText">
	
    


	
		<div>
			<p>As the second figure suggests, each classic BPF instruction is 8-bytes long. For further information on this, refer to the official Linux <a href="https://github.com/torvalds/linux/blob/master/Documentation/networking/filter.rst">kernel documentation</a>.</p>
<p><span class="body-subhead-title">How BPFDoor works</span></p>
<p>The BPF filters used by BPFDoor allow the actors to activate the backdoor with a single network packet. Due to the way BPF is implemented in the targeted operating system, the magic packet triggers the backdoor even when the packet is blocked by a firewall. In fact, the packet reaches the kernel’s BPF engine first, which is enough to activate the resident backdoor waiting for it. Similar features are common in rootkits but not easily found in backdoors.</p>
<p>BPFDoor samples load classic BPF filters into a running kernel. While the Linux samples load the compiled filters using the <i>SO_ATTACH_FILTER</i> option from <i>setsockopt() </i>syscall, the Solaris sample uses libpcap functions to compile and load the filter at runtime. The filters expect packets containing a magic number and, when it arrives, BPFDoor connects back to the source IP address of whoever sent the matching packet. In brief, magic numbers or magic constants are numeric literals with no explanation for their respective meanings used in the source code, or have a distinctive value that uniquely stand for specific identifiers.</p>
<p>The reverse connection is then used to send commands to the infected machine’s shell via a pipe. In other words, BPFDoor opens a reverse shell that accepts pretty much any command remotely sent by the attacker. Because BPFDoor needs root privileges to work, the reverse shell it opens is also privileged. </p>

		</div>
	

</div>


    
    
    <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig3-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.jpg" alt="figure3-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 3. BPFDoor backdoor activation</figcaption>
	</figure>

</div>


    
    
    <div class="richText">
	
    


	
		<div>
			<p>Our analysis shows that different BPFDoor samples insert different filters expecting different magic numbers to initiate the reverse connection. The following sections show what we found in disassembling and analyzing BPF bytecode sets found in different BPFDoor samples.</p>
<p><span class="body-subhead-title">Pre-2023 samples</span></p>
<p>Most BPFDoor samples from 2018 to 2022 contain the same BPF program that accepts specific magic numbers for TCP (Transmission Control Protocol), UDP (User Datagram Protocol), and ICMP (Internet Control Message Protocol) protocols. The following is the disassembled and analyzed BPF bytecode from these first samples, which we call Variant A:</p>

		</div>
	

</div>


    
    
    <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig4-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.png" alt="figure4-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 4. The 30-instruction BPF program</figcaption>
	</figure>

</div>


    
    
    <div class="richText">
	
    


	
		<div>
			<p>In total, the BPF program used by these samples has 30 BPF instructions. From here on, we’ll use the number of BPF instructions to measure the filter complexity. The following is an equivalent filter using <a href="https://www.tcpdump.org/manpages/pcap-filter.7.html">libpcap syntax</a>:</p>
<p style="text-align: center;"><span class="blockquote">udp[8:2]=0x7255 or (icmp[8:2]=0x7255 and icmp[icmptype] == icmp-echo) or tcp[((tcp[12]&amp;0xf0)&gt;&gt;2):2]=0x5293</span></p>
<p>To access the data field, the filter expression uses offsets. For UDP and ICMP, the data starts at octet 8. For TCP, the calculation is a bit more complex: the data offset is stored as a 4-bit value in offset 12. That’s why analysts see an “AND” operation with 0xf0. By shifting this value four places to the right, we get the first 4-bit nibble at offset 12. However, this field contains the data offset as the number of 32-bit words, not bytes, so it needs to be multiplied by four to get the actual value in bytes. As multiplying by four is the same as shifting the bits two places to the left, both operations can be reduced to a single shift operation two places to the right. In other words,</p>
<p style="text-align: center;"><span class="blockquote">(x &gt;&gt; 4) * 4 == (x &gt;&gt; 4) &lt;&lt; 2 == x &gt;&gt; 2</span></p>
<p>As the filter suggests, there are three different packets that activate the backdoor on an impacted system:</p>
<ul>
<li><span class="rte-red-bullet">UDP packet containing the magic number 0x7255 at the data field</span></li>
<li><span class="rte-red-bullet">ICMP ECHO (ping) packet containing the same 0x7255 magic number at the data field</span></li>
<li><span class="rte-red-bullet">TCP packet containing the magic number 0x5293 at the data field</span></li>
</ul>
<p><span class="body-subhead-title">BPFDoor filters in 2023</span></p>
<p>Using <a href="https://github.com/trendmicro/telfhash">telfhash</a>, we were able to source four samples that support an additional 4-byte magic number for TCP packets. The new BPF program contains 39 instructions. We’re calling this program Variant B, and its disassembly is as follows:</p>

		</div>
	

</div>


    
    
    <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig5-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.jpg" alt="figure5-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 5. 39-instruction BPF program</figcaption>
	</figure>

</div>


    
    
    <div class="richText">
	
    


	
		<div>
			<p>The nine additional instructions highlighted in the diagram add the abilities to activate the backdoor by a TCP packet containing the magic number 0x39393939 at a specific offset. This set of instructions might mean that the developers of BPFDoor wanted to have an additional way of activating the backdoor after its inner workings were detailed in a previously published <a href="https://sandflysecurity.com/blog/bpfdoor-an-evasive-linux-backdoor-technical-analysis/">article</a>. An equivalent filter is as follows:</p>
<p style="text-align: center;"><span class="blockquote">udp[8:2]=0x7255 or (icmp[8:2]=0x7255 and icmp[icmptype] == icmp-echo) or tcp[((tcp[12]&amp;0xf0)&gt;&gt;2):2]=0x5293 or tcp[((tcp[12]&amp;0xf0)&gt;&gt;2)+26:4]=0x39393939</span></p>
<p>As the filter suggests, this new magic number should start at byte 26 in the TCP data. This means the first 26 bytes can be anything, which might be an attempt to make detection harder. It is also interesting to note that the previous magic numbers still work in this variant, which ensures compatibility with older versions of BPFDoor.</p>
<p><b>Doubtful feature: MAC address check</b></p>
<p>One BPFDoor sample uploaded to a public repository contained a BPF program containing 205 instructions, and we’ve called this sample Variant C. This is almost six times bigger than the previous BPF programs used by BPFDoor.</p>
<p>In this BFP program, the first 4-bit nibble of the packet’s 48-bit (6 bytes) destination MAC addresses is checked. The backdoor seems to be activated only if this nibble is 0x4. In other words, if the destination MAC address starts with 0x4. This is achieved using the following BPF code:</p>
<p><span class="blockquote">l0:     ldb [0]                  # load the first byte of the packet to A register.<br />
 l1:     and A, #0xf0             # A = A &amp; 0xf0 (bitwise AND).<br />
 l2:     jeq #0x40, l3, l33       # if the result is equals to 0x40, jump to location 3 (l3) and continue execution.</span></p>
<p>The result will be 0x40 if the byte’s highest nibble is 0x4. The program then uses the lowest nibble as an offset to locate the magic number. In our tests, the most feasible value for the lowest nibble is 0x3, which sets the program to look at the sixth byte from the data field.</p>
<p>However, we don’t know whether this usage of the lowest nibble is intentional or not. One possibility is that the threat actors tried to come up with a BPF code to check for IPv4 and IPv6 packets, but ended up checking the destination MAC address by mistake. Another possibility is that the attackers tried to target machines whose network cards start with 0x4. As the first three bytes of MAC addresses serve as the Organizationally Unique Identifier (OUI), this would make the variant target victims with a particular NIC (network interface card) manufactured by a <a href="https://standards-oui.ieee.org/">wide range</a> of companies.</p>
<p>The possible magic numbers did not change compared to the 2022 samples, though. UDP and ICMP both accept 0x7255, while TCP accepts either 0x5293 or 0x39393939. There’s also a code path for destination MAC addresses starting with 0x6 (or tentative to check for IPv6), but seems to be unreachable when checked. The following disassembly highlights the code path for a valid packet:</p>

		</div>
	

</div>


    
    
    <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig6-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.png" alt="figure6-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 6. First packet byte check in a 205-instruction BPF program</figcaption>
	</figure>

</div>


    
    
    <div class="richText">
	
    


	
		<div>
			<p>Three other samples from 2023 used an improved version of the above BPF program containing 229 instructions. This improved version also ensures the ICMP packet is from an ICMP ECHO request. We call it Variant D. Deep Instinct also revealed a 2023 <a href="https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game">sample</a> that uses “44 30 CD 9F 5E 14 27 66” as the magic number, which we call Variant E.</p>
<p><span class="body-subhead-title">Victims and detection</span></p>

		</div>
	

</div>


    
    
    <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig7-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.jpg" alt="figure7-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 7. Countries targeted using BPFDoor</figcaption>
	</figure>

</div>


    
    
    <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig8-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.jpg" alt="figure8-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 8. Industries targeted using BPFDoor</figcaption>
	</figure>

</div>


    
    
    <div class="richText">
	
    


	
		<div>
			<p>According to Trend Micro telemetry data, companies in the telecommunications sector in Türkiye and Hong Kong are being targeted by this threat actor. While we’re only halfway into 2023, there is a noticeable focus in unique detections for the said countries and industry compared to 2022. The data matches the initial report from PwC in 2022 pertaining to sectors, aside from “government, education, and logistics.” We recommend that defenders in these sectors check their servers carefully. One simple way of doing this is listing the running processes that inserted BPF filters in your Linux server with the <b>ss</b> command-line tool with the following parameters:</p>
<ul>
<li><span class="rte-red-bullet">-0 or --packet to display PACKET sockets</span></li>
<li><span class="rte-red-bullet">-p or --processes to show the processes using such sockets</span></li>
<li><span class="rte-red-bullet">-b or --bpf to dump the BPF programs attached to the sockets</span></li>
</ul>
<p>The following is an example of a Linux-based machine compromised by Variant A:</p>

		</div>
	

</div>


    
    
    <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig9-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.png" alt="figure9-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 9. Listing processes that loaded BPF filters</figcaption>
	</figure>

</div>


    
    
    <div class="richText">
	
    


	
		<div>
			<p>Figure 9 shows two processes using BPF filters: <i>dhclient</i> (PID 1893) has a legitimate 11-instruction BPF program attached to it as indicated by the number between parenthesis. Meanwhile, <i>hald-addon-acpi</i> (PID 2629) has a suspicious 30-instruction BPF filter. We highlighted the magic numbers checked by the filter to trigger the backdoor (<i>29269 == 0x7255 </i>and<i> 21139 == 0x5293</i>). We note that security teams should not rely on the process name as this might change for every infection. Instead, analysts can also look specifically for the magic numbers. The following is an output from a machine infected with Variant D, which loads a BPF filter containing 229 instructions:</p>

		</div>
	

</div>


    
    
    <div class="image">
	
    


	<figure class="image-figure">
		
			<img src="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/fig10-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.png" alt="figure10-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters-red-menshen-apt"/>
		
   		<figcaption>Figure 10. Highlighting BPFDoor magic numbers in ss command output</figcaption>
	</figure>

</div>


    
    
    <div class="richText">
	
    


	
		<div>
			<p><span class="body-subhead-title">Conclusion</span></p>
<p>Embedding BPF bytecode in malware samples represents a new challenge for security teams, particularly for malware analysts and network defenders. Inspecting these programs is key to create accurate file and network traffic rules. But analysts’ and security teams’ work might not be trivial and have their work cut out for them in going through the samples, especially due to the lack of tools to analyze and debug BPF bytecode. The usage of BPF filters adds a certain layer of sophistication rarely seen in cybercrime, although it exists in addition to APT attacks.</p>
<p>One malware example where the abuse of BPF filters has been observed is <a href="https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat">Symbiote</a> malware. Although BPF filters are not new, they are not heavily used by malware. Tools such IDA Pro and most disassemblers are not natively ready, but they can be extended with plugins. An exception is <a href="https://rada.re/">Radare2</a>, an open-source framework that functions as a reverse engineering toolkit. The Linux kernel team also provides a few command line tools to deal with BPF filters, but can be further improved for analysts’ use. Additionally, we are not aware of any malware training currently covering this. For that reason, we can consider it a “new” thing on the malware analysis side, and might be a consideration for malware and threat trainers to add in their respective programs.</p>
<p>The evolution of BPF filters used by BPFDoor also shows that threat actors are working to improve their methods to cover their tracks and keep the backdoor stealthy. We recommend network defenders to update their existing rules to reflect these changes, and for malware analysts to jump into <a href="https://docs.kernel.org/networking/filter.html">BPF filter analysis</a> as soon as possible.</p>
<p>Attacks involving BPFDoor can give the attackers complete access to the infected machine. Defenders should really pay attention to the BPF programs running in their environments.</p>
<p><span class="body-subhead-title">Mitre ATT&amp;CK techniques</span></p>
<p>As we focused on the BPF programs BPFDoor variants load, the only relevant ATT&amp;CK framework technique is <b>Traffic Signaling (T1205)</b> and its sub-technique <b>Traffic Signaling: Socket Filters (T1205-002)</b>.</p>
<p><span class="body-subhead-title">Indicators of compromise (IOCs)</span></p>
<p>Download the indicators <a href="/content/dam/trendmicro/global/en/research/23/g/detecting-bpfdoor-backdoor-variants-abusing-bpf-filters/IOCs-detecting-bpfdoor-backdoor-variants-abusing-bpf-filters.txt">here</a>.</p>
<p><span class="body-subhead-title">Magic numbers</span></p>
<p>The following table contains the magic numbers supported by different versions of the BPF filters analyzed:</p>

		</div>
	

</div>


    
    
    <div class="richText">
	
    


	
		<div class="responsive-table-wrap">
			<table cellpadding="1" cellspacing="0" border="1" width="100%">
<tbody><tr><th scope="col" style="text-align: center;">Protocol</th>
<th scope="col" colspan="2" style="text-align: center;">Magic Number</th>
</tr><tr><td> </td>
<th style="text-align: center;">Hexadecimal</th>
<th style="text-align: center;">Decimal</th>
</tr><tr><td>UDP</td>
<td>0x7255</td>
<td>29 269</td>
</tr><tr><td>ICMP</td>
<td>0x7255</td>
<td>29 269</td>
</tr><tr><td>TCP</td>
<td>0x5293</td>
<td>21 139</td>
</tr><tr><td>TCP</td>
<td>0x39393939</td>
<td>960 051 513</td>
</tr></tbody></table>

		</div>
	

</div>


    
    
    <div class="richText">
	
    


	
		<div>
			<p>The following Linux command can help defenders and security teams investigate suspicious BPF programs from checking the previously mentioned magic numbers:</p>
<p style="text-align: center;"><span class="blockquote">ss -0pb | grep -EB1 --color &quot;$((0x7255))|$((0x5293))|$((0x39393939))&quot;</span></p>

		</div>
	

</div>


</div>
            <section class="tag--list">
	<div class="tag--list-title">Tags</div>
	<div class="tag--list-tags">
		<a href="/en_us/research.html?category=trend-micro-research:threats/malware" class="tag--list-anchor">Malware</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_us/research.html?category=trend-micro-research:threats/cyber-threats" class="tag--list-anchor">Cyber Threats</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_us/research.html?category=trend-micro-research:threats/apt-and-targeted-attacks" class="tag--list-anchor">APT &amp; Targeted Attacks</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_us/research.html?category=trend-micro-research:environments/endpoints" class="tag--list-anchor">Endpoints</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_us/research.html?category=trend-micro-research:environments/iot" class="tag--list-anchor">IoT</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_us/research.html?category=trend-micro-research:environments/network" class="tag--list-anchor">Network</a>
		
			<span class="tag--list-separator" role="separator">|</span>
		
	
		<a href="/en_us/research.html?category=trend-micro-research:medium/article" class="tag--list-anchor">Articles, News, Reports</a>
		
	</div>
</section>

        </main>

        <sidebar class="sidebar--left col-xs-12 col-lg-2 col-lg-pull-8">
            


<h3 class="article-authors__title">
	
		Authors
	
</h3>

<!-- /* Show Trend Micro if we don't have any authors for this article */ -->


<ul class="article-authors__list">
	<li class="article-authors__list-items">
		
		<div class="article-authors__wrapper" role="contentinfo authors profile">
			
			
				<p class="article-authors__list-items__name">Fernando Merces</p>
			
			<p class="article-authors__list-items__position">Sr. Threat Researcher</p>
		</div>
	</li>
</ul>

<div class="article-authors__btn-wrapper" role="button">
	<a class="article-authors__button " href="mailto:tm_research@trendmicro.com" target="target" id="article-authors-contact-us-button">
		Contact Us
	</a>
</div>

<div class="article-authors__btn-wrapper subscribe-wrapper" role="button">
	<a class="article-authors__button subscribe " href="https://resources.trendmicro.com/subscription-us.html" data-modal-title="Subscribe" target="target">
		Subscribe
	</a>
</div>
	

    

        </sidebar>

        <sidebar class="sidebar--right col-xs-12 col-lg-2">
            <div class="sidebar--wrapper" role="contentinfo sidebar">
                <div class="row-1" role="contentinfo related articles">
                    
	
    


	<div class="related--articles" role="contentinfo related articles">
		<h3 class="related--articles-title">Related Articles</h3>
		 <ul class="related--articles-items">
			<li class="related--articles-item">
				<a class="related--articles-item-anchor" href="/en_us/research/23/g/platform-approach-to-cybersecurity.html">
					Platform Approach to Cybersecurity: The New Paradigm
				</a> 
			</li>
		
			<li class="related--articles-item">
				<a class="related--articles-item-anchor" href="/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html">
					Tailing Big Head Ransomware’s Variants, Tactics, and Impact
				</a> 
			</li>
		
			<li class="related--articles-item">
				<a class="related--articles-item-anchor" href="/en_us/research/23/g/hunting-for-a-new-stealthy-universal-rootkit-loader.html">
					Hunting for A New Stealthy Universal Rootkit Loader
				</a> 
			</li>
		</ul>
	</div>

	<div class="archived--link">
		<div class="archived--link-text">
			<a href="/en_us/research.html">
				See all articles
			</a>
		</div>

		<div class="archived--link-icon">
			<a href="/en_us/research.html">
				<span class="icon-chevron-right"></span>
			</a>
		</div>
	</div>


                </div>
            </div>
        </sidebar>
    </article>
</div></div>

    
</div>
</div>
<div class="footer">




<div class="containerV1"><div class="footer_wrapper footer-wrapper"><div class="containerV1">
	<div class="container-content">
		
		<div class="responsiveColumnControlV1 section">







<div class="row  global-margin-top-none global-padding-top-none global-padding-bottom-none global-margin-bottom-none" id="responsive-column-2c7f0079-f517-46e9-ae99-e06d63e4b602">
	<div class="col-sm-12 col-xs-12 col-md-4 column"><div class="footer section">


	<div class="createAccount">
	<div class="containerV1 section">





<style>
@media ( min-width: 1024px ){
	#container460e00e6-f957-462f-8fbb-fd2de96f1ac2,
	.container460e00e6-f957-462f-8fbb-fd2de96f1ac2 {
		height: auto;

		background-repeat: no-repeat;
		background-size: cover;
	}
}

@media ( max-width: 1023px ) and ( min-width: 768px ){
	#container460e00e6-f957-462f-8fbb-fd2de96f1ac2,
	.container460e00e6-f957-462f-8fbb-fd2de96f1ac2 {
		height: auto;

		background-repeat: no-repeat;
		background-size: cover;
	}
}

@media ( max-width: 767px ){
	#container460e00e6-f957-462f-8fbb-fd2de96f1ac2,
	.container460e00e6-f957-462f-8fbb-fd2de96f1ac2 {
		height: auto;

		background-repeat: no-repeat;
		background-size: cover;
	}
}
</style>


<div id="container460e00e6-f957-462f-8fbb-fd2de96f1ac2" class="container460e00e6-f957-462f-8fbb-fd2de96f1ac2 container-wrap  gray-border global-margin-top-none global-margin-bottom-none global-padding-top-none global-padding-bottom-none rounded-corners-all-20 ">
	

	<section>
		<div class="container-content">
			<div class="prod-content"><div class="text primary-color-white section">
<div id="text-db3f030b20" class="cmp-text">
    <p>Try our services free for 30 days</p>

</div>

    

</div>
<div class="buttonArrayV1 section">





<ul class="button-array small center-align global-margin-top-none global-margin-bottom-none global-padding-top-none global-padding-bottom-none">
	<li class="button-array-list">
		
	<a class="button  primary color-ffffff normal" id="footer-free-trial-f1f976" href="/en_us/business/products/trials.html#detection-response">
		Start your free trial today
	</a>

	</li>
</ul>
</div>

</div>
		</div>
	</section>
</div>
</div>
<div class="footer section">




	

<ul class="social-media-links">
	
	<li>
		<a href="https://www.linkedin.com/company/trend-micro/" class="social-icon linkedin" target="_blank" rel="noopener noreferrer">
			
			
			
				<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
					<path id="LinkedIn" d="M8.8,10.3a1.5,1.5,0,0,1,1.5-1.5H25.295A1.5,1.5,0,0,1,26.8,10.3V25.294A1.5,1.5,0,0,1,25.3,26.8H10.3a1.5,1.5,0,0,1-1.5-1.5Zm7.125,5.359h2.437v1.224a2.793,2.793,0,0,1,2.6-1.337c2.593,0,3.207,1.4,3.207,3.973v4.763H21.55V20.109c0-1.465-.352-2.291-1.245-2.291-1.24,0-1.755.891-1.755,2.291v4.178H15.925Zm-4.5,8.512H14.05V15.55H11.425v8.624Zm3-11.437a1.688,1.688,0,1,1-.507-1.17A1.689,1.689,0,0,1,14.425,12.737Z" transform="translate(-8.8 -8.8)" fill="#020607" fill-rule="evenodd"/>
				</svg>

			
			
			
		</a>
	</li>
	
	<li>
		<a href="https://www.facebook.com/TrendMicro/" class="social-icon facebook" target="_blank" rel="noopener noreferrer">
			
				<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
					<path id="Facebook" d="M56.087,8.8A3.28,3.28,0,0,0,52.8,12.087V23.513A3.28,3.28,0,0,0,56.087,26.8H62.28V19.763H60.419V17.229H62.28V15.065c0-1.7,1.1-3.262,3.632-3.262a15.371,15.371,0,0,1,1.784.1l-.06,2.366s-.773-.007-1.617-.007c-.913,0-1.06.421-1.06,1.119v1.85h2.75l-.12,2.533h-2.63V26.8h2.554A3.28,3.28,0,0,0,70.8,23.513V12.087A3.28,3.28,0,0,0,67.513,8.8H56.087Z" transform="translate(-52.8 -8.8)" fill="#020607"/>
				</svg>
			
			
			
			
			
		</a>
	</li>
	
	<li>
		<a href="https://twitter.com/trendmicro" class="social-icon twitter" target="_blank" rel="noopener noreferrer">
			
			
			
			
				<svg xmlns="http://www.w3.org/2000/svg" width="20" height="16" viewBox="0 0 20 16">
					<path id="Twitter" d="M116,11.5a8.307,8.307,0,0,1-2.356.635,4.055,4.055,0,0,0,1.8-2.235,8.271,8.271,0,0,1-2.6.979,4.154,4.154,0,0,0-4.934-.8,4.064,4.064,0,0,0-1.8,1.9,3.981,3.981,0,0,0-.256,2.586,11.806,11.806,0,0,1-4.685-1.225,11.625,11.625,0,0,1-3.772-2.995,3.991,3.991,0,0,0-.071,3.936,4.063,4.063,0,0,0,1.341,1.456,4.142,4.142,0,0,1-1.858-.505v.052a4,4,0,0,0,.928,2.558,4.117,4.117,0,0,0,2.364,1.4,4.2,4.2,0,0,1-1.853.069,4.042,4.042,0,0,0,1.46,2.007,4.15,4.15,0,0,0,2.374.8,8.321,8.321,0,0,1-5.1,1.729A8.491,8.491,0,0,1,96,23.785a11.741,11.741,0,0,0,6.289,1.814,11.5,11.5,0,0,0,11.676-11.489c0-.173-.005-.349-.012-.522A8.284,8.284,0,0,0,116,11.5Z" transform="translate(-96 -9.6)" fill="#020607"/>
				</svg>

			
			
		</a>
	</li>
	
	<li>
		<a href="https://www.instagram.com/trendmicro/" class="social-icon instagram" target="_blank" rel="noopener noreferrer">
			
			
				<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
					<path id="Instagram" d="M146.09,8.854c.959-.044,1.265-.054,3.71-.054s2.751.011,3.71.054a6.631,6.631,0,0,1,2.186.418,4.607,4.607,0,0,1,2.631,2.632,6.641,6.641,0,0,1,.419,2.184c.044.961.054,1.267.054,3.711s-.011,2.751-.054,3.711a6.61,6.61,0,0,1-.419,2.184,4.6,4.6,0,0,1-2.631,2.632,6.626,6.626,0,0,1-2.185.419c-.96.044-1.266.054-3.711.054s-2.751-.011-3.71-.054a6.6,6.6,0,0,1-2.185-.419,4.595,4.595,0,0,1-2.633-2.631,6.643,6.643,0,0,1-.419-2.185c-.044-.961-.054-1.267-.054-3.711s.01-2.751.054-3.71a6.611,6.611,0,0,1,.419-2.186A4.611,4.611,0,0,1,143.9,9.272a6.65,6.65,0,0,1,2.185-.418Zm7.346,1.62c-.949-.043-1.234-.052-3.636-.052s-2.687.009-3.636.052a4.976,4.976,0,0,0-1.673.31,2.972,2.972,0,0,0-1.708,1.708,4.968,4.968,0,0,0-.31,1.671c-.044.949-.053,1.234-.053,3.637s.009,2.688.053,3.637a4.968,4.968,0,0,0,.31,1.671,2.972,2.972,0,0,0,1.708,1.708,4.976,4.976,0,0,0,1.673.31c.949.043,1.232.052,3.636.052s2.688-.009,3.636-.052a4.976,4.976,0,0,0,1.673-.31,2.972,2.972,0,0,0,1.708-1.708,4.968,4.968,0,0,0,.31-1.671c.043-.949.053-1.234.053-3.637s-.01-2.688-.053-3.637a4.968,4.968,0,0,0-.31-1.671,2.972,2.972,0,0,0-1.708-1.708A4.976,4.976,0,0,0,153.436,10.474Zm-4.786,10.1a3,3,0,1,0-1.075-.758A3,3,0,0,0,148.65,20.574Zm-2.121-6.046a4.626,4.626,0,1,1-1.355,3.271A4.634,4.634,0,0,1,146.529,14.529Zm8.924-.666a1.091,1.091,0,0,0,.25-.355,1.1,1.1,0,0,0,.093-.425,1.093,1.093,0,1,0-.343.78Z" transform="translate(-140.8 -8.8)" fill="#020607" fill-rule="evenodd"/>
				</svg>
			
			
			
			
		</a>
	</li>
	
	<li>
		<a href="https://www.youtube.com/user/TrendMicroInc" class="social-icon youtube" target="_blank" rel="noopener noreferrer">
			
			
			
			
			
				<svg xmlns="http://www.w3.org/2000/svg" width="24.003" height="16.01" viewBox="0 0 24.003 16.01">
					<path id="YouTube" d="M205.9,12.112a2.78,2.78,0,0,0-.765-1.27A3.052,3.052,0,0,0,203.8,10.1c-1.877-.495-9.4-.495-9.4-.495a76.616,76.616,0,0,0-9.39.47,3.156,3.156,0,0,0-1.339.76,2.9,2.9,0,0,0-.777,1.276A29.133,29.133,0,0,0,182.4,17.6a29.058,29.058,0,0,0,.489,5.494,2.818,2.818,0,0,0,.775,1.269,3.094,3.094,0,0,0,1.341.743c1.9.494,9.39.494,9.39.494a76.8,76.8,0,0,0,9.4-.47,3.051,3.051,0,0,0,1.339-.742,2.785,2.785,0,0,0,.765-1.27,28.339,28.339,0,0,0,.5-5.495,26.534,26.534,0,0,0-.5-5.517ZM192,21.029V14.182l6.26,3.424Z" transform="translate(-182.4 -9.6)" fill="#020607"/>
				</svg>

			
		</a>
	</li>
	
</ul>


</div>


</div>




</div>

</div>

	<div class="col-sm-12 col-xs-12 col-md-8 column"><div class="responsiveColumnControlV1 section">







<div class="row  global-margin-top-none global-padding-top-none global-padding-bottom-none global-margin-bottom-none" id="responsive-column-95ad7a4e-58a9-4678-a0fc-7f47c92dc548">
	<div class="col-sm-12 col-xs-12 col-md-4 column"><div class="footer section">

	<div class="footerMenu">
	<h3>Resources</h3>
	
		<ul>
			
				<li><a href="/en_us/research.html" target="_self" rel="noopener noreferrer">Blog</a></li>
			
				<li><a href="https://trendmicro.com/newsroom" target="_self" rel="noopener noreferrer">Newsroom</a></li>
			
				<li><a href="https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports" target="_self" rel="noopener noreferrer">Threat Reports</a></li>
			
				<li><a href="/en_us/devops.html" target="_self" rel="noopener noreferrer">DevOps Resource Center</a></li>
			
				<li><a href="/en_us/ciso.html" target="_self" rel="noopener noreferrer">CISO Resource Center</a></li>
			
				<li><a href="/en_us/partners/find-a-partner.html" target="_self" rel="noopener noreferrer">Find a Partner</a></li>
			
		</ul>
	
</div>






</div>

</div>

	<div class="col-sm-12 col-xs-12 col-md-4 column"><div class="footer section">

	<div class="footerMenu">
	<h3>Support</h3>
	
		<ul>
			
				<li><a href="https://success.trendmicro.com/dcx/s/?language=en_US" target="_blank" rel="noopener noreferrer">Business Support Portal</a></li>
			
				<li><a href="/en_us/business/get-info-form.html" target="_self" rel="noopener noreferrer">Contact Us</a></li>
			
				<li><a href="/en_us/business/products/downloads.html" target="_self" rel="noopener noreferrer">Downloads</a></li>
			
				<li><a href="/en_us/business/products/trials.html" target="_self" rel="noopener noreferrer">Free Trials</a></li>
			
				<li><a target="_self" rel="noopener noreferrer"></a></li>
			
				<li><a target="_self" rel="noopener noreferrer"></a></li>
			
		</ul>
	
</div>






</div>

</div>

	<div class="col-sm-12 col-xs-12 col-md-4 column"><div class="footer section">

	<div class="footerMenu">
	<h3>About Trend</h3>
	
		<ul>
			
				<li><a href="/en_us/about.html" target="_self" rel="noopener noreferrer">About Us</a></li>
			
				<li><a href="/en_us/about/careers.html" target="_self" rel="noopener noreferrer">Careers</a></li>
			
				<li><a href="/en_us/contact.html" target="_self" rel="noopener noreferrer">Locations</a></li>
			
				<li><a href="/en_us/about/events.html" target="_self" rel="noopener noreferrer">Upcoming Events</a></li>
			
				<li><a href="/en_us/about/trust-center.html" target="_self" rel="noopener noreferrer">Trust Center</a></li>
			
				<li><a target="_self" rel="noopener noreferrer"></a></li>
			
		</ul>
	
</div>






</div>

</div>
</div>
</div>

</div>
</div>
</div>
<div class="responsiveColumnControlV1 section">







<div class="row  global-margin-top-none global-padding-top-none global-padding-bottom-none global-margin-bottom-none" id="responsive-column-6e6ca31c-6044-47b3-81ba-8091f4ce0441">
	<div class="col-sm-12 col-xs-12 col-md-3 column"><div class="footer section">



	
<div class="country-selection">
	<p>Select a country / region</p>
	<div class="dropup position-unset">
		<button class="btn btn-default dropdown-toggle" type="button" id="countryMenu" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
			<span class="stateSelect"></span>
			<span class="material-symbols-outlined">
			expand_more</span>
		</button>
		<div class="row dropdown-menu" aria-labelledby="countryMenu">
			<span class="material-symbols-outlined icon-close">close</span>
			
				<div class="coloumn col-xs-12 col-sm-6 col-md-2">
					<h4>The Americas</h4>
					<ul>
						
							<li>
								<a href="/en_us.html">United States</a>
							</li>
						
							<li>
								<a href="/pt_br.html">Brasil</a>
							</li>
						
							<li>
								<a href="/en_ca.html">Canada</a>
							</li>
						
							<li>
								<a href="/es_mx.html">México</a>
							</li>
						
					</ul>
				</div>
			
				<div class="coloumn col-xs-12 col-sm-6 col-md-2">
					<h4>Middle East &amp; Africa</h4>
					<ul>
						
							<li>
								<a href="/en_za.html">South Africa</a>
							</li>
						
							<li>
								<a href="/en_ae.html">Middle East and North Africa</a>
							</li>
						
					</ul>
				</div>
			
				<div class="coloumn col-xs-12 col-sm-6 col-md-4">
					<h4>Europe</h4>
					<ul>
						
							<li>
								<a href="/en_be.html">België (Belgium)</a>
							</li>
						
							<li>
								<a href="http://www.trendmicro.cz/">Česká Republika</a>
							</li>
						
							<li>
								<a href="/en_dk.html">Danmark</a>
							</li>
						
							<li>
								<a href="/de_de.html">Deutschland, Österreich Schweiz</a>
							</li>
						
							<li>
								<a href="/es_es.html">España</a>
							</li>
						
							<li>
								<a href="/fr_fr.html">France</a>
							</li>
						
							<li>
								<a href="/en_ie.html">Ireland</a>
							</li>
						
							<li>
								<a href="/it_it.html">Italia</a>
							</li>
						
							<li>
								<a href="/en_nl.html">Nederland</a>
							</li>
						
							<li>
								<a href="/en_no.html">Norge (Norway)</a>
							</li>
						
							<li>
								<a href="/pl_pl.html">Polska (Poland)</a>
							</li>
						
							<li>
								<a href="/en_fi.html">Suomi (Finland)</a>
							</li>
						
							<li>
								<a href="/en_se.html">Sverige (Sweden)</a>
							</li>
						
							<li>
								<a href="/tr_tr.html">Türkiye (Turkey)</a>
							</li>
						
							<li>
								<a href="/en_gb.html">United Kingdom</a>
							</li>
						
					</ul>
				</div>
			
				<div class="coloumn col-xs-12 col-sm-6 col-md-4">
					<h4>Asia &amp; Pacific</h4>
					<ul>
						
							<li>
								<a href="/en_au.html">Australia</a>
							</li>
						
							<li>
								<a href="/ru_ru.html">Центральная Азия (Central Asia)</a>
							</li>
						
							<li>
								<a href="/en_hk.html">Hong Kong (English)</a>
							</li>
						
							<li>
								<a href="/zh_hk.html">香港 (中文) (Hong Kong) </a>
							</li>
						
							<li>
								<a href="/en_in.html">भारत गणराज्य (India)</a>
							</li>
						
							<li>
								<a href="/in_id.html">Indonesia</a>
							</li>
						
							<li>
								<a href="/ja_jp.html">日本 (Japan)</a>
							</li>
						
							<li>
								<a href="/ko_kr/business.html">대한민국 (South Korea)</a>
							</li>
						
							<li>
								<a href="/en_my.html">Malaysia</a>
							</li>
						
							<li>
								<a href="/en_us.html">Монголия (Mongolia) and рузия (Georgia)</a>
							</li>
						
							<li>
								<a href="/en_nz.html">New Zealand</a>
							</li>
						
							<li>
								<a href="/en_ph.html">Philippines</a>
							</li>
						
							<li>
								<a href="/en_sg.html">Singapore</a>
							</li>
						
							<li>
								<a href="/zh_tw.html">台灣 (Taiwan)</a>
							</li>
						
							<li>
								<a href="/th_th.html"> ประเทศไทย (Thailand)</a>
							</li>
						
							<li>
								<a href="/vi_vn.html">Việt Nam</a>
							</li>
						
					</ul>
				</div>
			
		</div>
	</div>
</div>




</div>

</div>

	<div class="col-sm-12 col-xs-12 col-md-9 column"><div class="horizontalSeparatorV1 section">



<style>
.horizontalSeparator-9fe8af5f-c375-4a57-90e1-4d80e9dd83c4.border {
		border-bottom: 1px solid #bcbdc0;
}
</style>
<div id="horizontalV1-9fe8af5f-c375-4a57-90e1-4d80e9dd83c4" class="global-margin-top- global-margin-bottom-default global-padding-top-default global-padding-bottom- border horizontalSeparator-9fe8af5f-c375-4a57-90e1-4d80e9dd83c4">
	
</div>


</div>
<div class="responsiveColumnControlV1 section">







<div class="row  global-margin-top-none global-padding-top-none global-padding-bottom-none global-margin-bottom-none" id="responsive-column-923ae96b-662b-4094-af72-a7d9cc3d9080">
	<div class="col-sm-12 col-xs-12 col-md-6 column"><div class="text primary-color-white font-interstate-light font-size-14 section">
<div id="privacyLink" class="cmp-text">
    <p><a title="privacy" href="/en_us/about/trust-center/privacy.html">Privacy</a> <b>|</b> <a title="Legal" href="/en_us/about/legal.html">Legal</a> <b>|</b> <a title="Accessibility" href="/en_us/about/legal/accessibility-policy.html">Accessibility</a> <b>|</b> <a title="Site map" href="/en_us/business/sitemap.html">Site map</a></p>

</div>

    

</div>

</div>

	<div class="col-sm-12 col-xs-12 col-md-6 column"><div class="text primary-color-white font-interstate-light font-size-14 section">
<div id="copyText" class="cmp-text">
    <p style="text-align: right;">Copyright ©2023 Trend Micro Incorporated. All rights reserved</p>

</div>

    

</div>

</div>
</div>
</div>

</div>
</div>
</div>


	</div>
</div>

	
    
<script type="text/javascript" src="/etc.clientlibs/clientlibs/granite/jquery.min.js"></script>
<script type="text/javascript" src="/etc.clientlibs/clientlibs/granite/utils.min.js"></script>
<script type="text/javascript" src="/etc.clientlibs/clientlibs/granite/jquery/granite.min.js"></script>
<script type="text/javascript" src="/etc.clientlibs/trendmicro/editableTemplateComponents/content/footer/v1/footer/clientLibs.min.js"></script>




</div>
</div></div>


			

<!-- /* Core functionality javascripts, absolute URL to leverage Akamai CDN */ -->
<script src="https://www.trendmicro.com/content/dam/trendmicro/global/core-library/sly.min.js"></script>
<script src="https://www.trendmicro.com/content/dam/trendmicro/global/core-library/jwplayer.js"></script>

<script type="text/javascript" src="https://www.youtube.com/iframe_api"></script>

            
    
    
<script type="text/javascript" src="/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch.min.js"></script>
<script type="text/javascript" src="/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/header-footer.min.js"></script>



    


    

    

    
    

            

            
			<!--For Modal-start-->
			<div class="modal-wrap"></div>
			<div class="jwPlayerString hidden">
				<span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk</span>
			</div>
			<!--For Modal-end-->
        

		<!-- Go to www.addthis.com/dashboard to customize your tools -->
		<script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-57bc9d0c3028a052"></script>		
    </body>
</html>
